This is the F1 Fuzzer described in the paper Building Fast Fuzzers.
If you use F1 in a production setting, if you found bugs with it (yay!), or if you have any suggestions to share, please let us know – your experience is very valuable for us. Thanks!
List of changes made to the source code to make it run on Linux systems:
- Requires clang as the compiler to build on Linux
- "stdint.h" header included in main.c
- fuzz_src is written to fuzz.S instead of fuzz.s
- Compiled on Linux using "clang -g -Ofast -mcmodel=medium -o fuzzer main.c fuzz.S", while on macOS it is compiled using "cc -g -Ofast -o fuzzer main.c fuzz.S"
- The stackp array size is INT_MAX/100 on Linux (INT_MAX on macOS)
- The out_region_initp array size is UINT_MAX/100 on Linux (UINT_MAX on macOS)
- All contents of the ".section __DATA,__data" section are moved to the ".text" section in vm_ops.s